 Hello and welcome to this session in which we will discuss data stewardship and the RACI model. Data stewardship is a sub-topic of a larger topic that's called data governance. Now what is data governance? Data governance refer to the overall framework, policies and processes that are used by a company to ensure that the data that we have, the data that we have, is managed, protected effectively across an organization. Well this would include defining roles and responsibilities, setting data quality standards and ensuring that data security and privacy. Now data stewardship specifically is responsible management of data asset to ensure that they're available, that it is available, it has integrity, it's secure, private and in compliance with various regulatory bodies. Now this involves processes and policies and best practices and how we collect the data, store the data, use the data, share the data and archive the data with the goal of maximizing its value because someone is responsible for the data. We need to have a stewardship. What's a stewardship? Basically you are assigning a group of people, one person to teams, various teams to be in charge of this data and we're going to have three roles for the data stewardship. We're going to have what's called the data owner, a data steward and a data custodian and our job is to discuss the role of each one of these stewardship role and connect this to the RAC model. Starting with the role of each group which is starting with data owner. The data owner is a high level position that has strategic oversight over data decisions. So think about here senior managers, they are responsible for the overall value, risk, quality and utility of the data. So this is basically think of the people at the top, for example senior executives who's responsible for the overall value, risk and quality of the data and how it should be used to support business decision. The second role is data steward. Data steward is basically a mid-level management position in terms of data stewardship. It's a tactical role that makes sure that the data assets are used and comply with various regulation. What regulation are we looking at here? For example, we are in compliance with the GDPR which is the General Data Protection Regulation or HIPAA, the Health Insurance Portability and Accountability Act. They facilitate agreement about the data definitions. For example, each piece of the data has to have a definition. Well, they're going to create those definitions, the quality of the data, make sure it's quality and it's used and this role can be performed by individual or a team. So a team of experts who work closely with data owners because remember the owners are on the top, they work with the data owners and business unit to ensure that the data is used properly and in compliance with various regulation such as the GDPR and HIPAA. Now you need to know a little bit more about the GDPR and HIPAA if you are studying for the CPA exam. They also help to establish data definition. As we said, they establish, they facilitate the agreement about the data definition. What does this data means? Because we're going to talk about data definitions later on, the quality standard and data governance policies within the data stewardship. Now we have the data custodian. Think of the data custodian or on the bottom. Here's we have an IT operational role that guarantee data related control are in place and working properly. The implement data capabilities and manage the IT architecture. Now if you don't know what the IT architecture is, we're going to look at that later and can be performed by individual or a group. Those are the data custodian. So the data custodian is the IT department that's responsible that the data is stored securely and that appropriate technical controls are in place to protect the data from unauthorized access or tampering. They also manage the technical infrastructure systems for storing, processing, and analyzing the data. Now those are the three roles of data stewardship. Now we need to look at something else called the RACI model. Now we're going to take the RACI model and illustrate it in terms of data stewardship. What is the RACI model? It's basically a matrix that's used to define roles and responsibilities in a project or a process. And why is it called the RACI model? Well, R, it's an acronym responsible. So R responsible basically the R, the responsible is who does the work? Who's doing the actual work on the ground? A, R, A, A is accountable. Who's ultimately accountable for the work? This is where the box stops. Usually it's the owner or the manager, the people on the top. C is consulted. Who's consulted before the work is done? You might have a team of consultant or one person that you're going to consult about. And I, who's informed? Who's informed after the work is done? So we need to know who's who? Who's responsible? Who's doing the work? Who's accountable for the work? Because the person that's doing the work is not accountable for it. You have someone else accountable for it. Who's consulted and who's informed? So the RACI matrix provides a clear and concise way to map out tasks and responsibilities within a project or a process. So just who's doing what? Ensuring that everyone involved knows the role and what's expected of them. Think about if you work for a company, you kind of basically you're either at, in any particular task or project, you could be the R, the person that's doing the work. You could be the A, the person that's going to be held accountable for that work. Or you could be the C. C, it's mean you are being consulted before the work is done to get your opinion. Or you could be the I, you are being informed about the results by using this model organization can ensure clear lines of communication and accountability and reducing the risk of misunderstanding and improving the overall efficiency and effective of the process. We just basically organize the roles in a way that everyone knows what the responsibility and the context of data stewardship. The RACI matrix helps to ensure clear roles and responsibilities. Now the best way is to look at an actual example. For example, if we are implementing data security controls, we could have a RACI model that looks like this. The data custodians are responsible or for implementing the controls. The data owners, the people on the top are accountable, right? Usually those are the people who are accountable for ensuring the security of the data. The data steward are the one consulted to ensure that the controls align with the data governance and policies. And we're going to add one more group here, the information security team. This is basically for the overall company as a group informed of the implementation of the control because they are responsible for the overall security of the system. By using the RACI model, we ensure that the right people are involved in each task. And we're going to show you on the next slide basically a matrix. And there's a clear accountability for the results. First is to take a look at a matrix itself. So here let's talk about the data custodian. We said the data custodians are responsible for implementing controls. So on the top we have the roles and on the sides we have the tasks. So what we said is the data custodian, which is this group here, is the responsible. Responsible means the group that's doing the work. We said the data owners are accountable for the party, accountable party for ensuring the security of the data. Well, we have here the data owners that's the role and they are the party accountable, means they have the greatest responsibility. You have to have an A for every project or a process. You have to have a person that's accountable for that, for that process or that project. The data steward, we said here, the data steward are the one consulted. So we are going to talk to them, just ask them their opinion. And the information system team, which is this part here, is a group is informed, we informed them about the possibilities. Now, as I said, you should always have an A, you should always have someone responsible, and I'm sorry, someone accountable, and you should have at least one group is responsible doing the work. Now, you don't want to have too many C's, so you don't want to have C's everywhere. Why not? If everybody is a C, then you're just going to go back and forth and have so many discussion back and forth. Informed, there should be a group. There's always a group that you're going to inform. Now, let's take a look at a multiple choice questions to see if we understand the difference between data stewardship and data governance. And this is basically farhatlectures.com, provide MCQs to help you understand the concepts better. So let's take a look at the first example. Data stewardship is a day-to-day management of data asset, while data governance provide the overall framework for data management. Well, that looks like a good answer. Data stewardship are responsible for data day operation, and the data governance is for the overall framework. This is a good answer. But let's see, let's look at B. Data stewardship focuses on the security and privacy of data. Yes, they do, while data governance focuses on the quality of the data. I mean, they both do that, but that's not the overall definition. I would say A is better than B. I mean, nothing wrong would be data steward, they're responsible for security and privacy. But in overall definitions, they're responsible for the day-to-day management of the asset. And data governance doesn't focus only on data quality. It focuses on other things other than data quality. Data stewardship is the same as data governance. Now we know that they are distinct. Data stewardship is the responsibility of the data custodian, while data governance is the responsibility of the data owners. Now the data governance is the overall, that's a big responsibility. The data owners are responsible for the data. They have the responsibility, they have accountability because they're senior executives, but data governance is not the responsibility of data owners. Data governance is the umbrella, and within the data governance, so data governance is a great umbrella. And we talked about the data governance, and within that data governance, we have an area called data stewardship. Okay, so we need to understand the big picture. So the answer is A. As I mentioned, you can see those questions and others at farhatlectures.com, whether you are a CPA candidate, CISA candidate, CMA, CIA, whatever you are studying for, or accounting information student, go to farhatlectures.com, subscribe, invest in yourself, good luck, study hard, and of course, stay safe.